[Freedombox-discuss] Per user temp directory using libpam-tmpdir?

Sat Aug 9 11:31:12 UTC 2014

On Sat, Jun 14, 2014 at 3:52 AM, Petter Reinholdtsen <pere at hungry.com> wrote:
> One nice way to isolate users a bit more from each other is to ensure
> that each user but their temporary files in separate directories
> instead of /tmp/.  This can be easily done in Debian by installing the
> libpam-tmpdir package, and I believe we should do it in the freedombox.
>
> It make it slightly harder to use su/sudo, as one might end up
> inheriting a TMP/TMPDIR environment setting where one lack access, but
> it is easily solved by remembering to changing how one call su/sudo.
>
> Any objections?

No objection to this change, but I found a bug while trying to build
an image with freedom-maker:

Setting up ssl-cert (1.0.34) ...
mktemp: failed to create file via template
'/tmp/user/0/tmp.XXXXXXXXXX': No such file or directory
dpkg: error processing package ssl-cert (--configure):
 subprocess installed post-installation script returned error exit status 1
...
Processing triggers for ca-certificates (20140325) ...
mktemp: failed to create file via template
'/tmp/user/0/ca-certificates.crt.tmp.XXXXXX': No such file or
directory
dpkg: error processing package ca-certificates (--configure):
 subprocess installed post-installation script returned error exit status 1

It looks like the issues are caused by the following scripts running mktemp:
[1] http://sources.debian.net/src/ca-certificates/20140325/sbin/update-ca-certificates
[2] http://sources.debian.net/src/ssl-cert/1.0.34/make-ssl-cert

I found a similar bug that was reported for pbuilder:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725434
which suggests it is related to having libpam-tmpdir installed.

I guess I'm not really clear on which package this bug would belong
to. Should libpam-tmpdir have created the missing folder? Or is that
something we need to do in freedom-maker?